Design network configuration for use in University


You have been hired as part of the networking team at UMUC. After completing orientation and training, your manager calls you into a meeting to discuss your first project.

The university has recently leased a single building in Adelphi, Maryland. The building will house faculty and administrative offices, classrooms, a library, and computer labs. Security is important for UMUC, as the university must protect students’ and employees’ data, as well as any intellectual property that UMUC has on its servers and computers. As a result, IT management would like to take the time to review proposals on how best to move forward on security issues. As a junior network engineer, you have been asked to prepare a network proposal on how to set up a secure network infrastructure in the newly leased building to support university operations. The network proposal will require three submissions covering network design, network addressing and security, and network customization and optimization.

After speaking to your manager, you are excited about the project, but you realize you will have a busy schedule. As you are writing your proposal, you will also have to prepare for the CompTIA Network+ Certification exam. One of the conditions of your employment at this university is that you obtain this certification within 60 days of being hired.

The network proposal represents a great opportunity to document your expertise. Additionally, it is also a great opportunity for you to form an integrated view of the different aspects of networking which are tested in the certification exam.

Network Design (i.e., Part 1)

In this section, address each of the following.

  1. Define the network topology that will be used and justify the decision.
  2. Select the appropriate cables and connectors and justify the decision. Describe where wired connections will be used within or across the two new academic buildings and justify the decision. Students must use both wired and wireless technologies.
    • Student should be specific when discussing the models, types, and costs.
  3. Select the appropriate networking and internetworking hardware for each building, and justify the decision.
    • Student should be specific when discussing the models, types, and costs.
  4. Select the appropriate Wide Area Network (WAN) design and wireless configuration, and justify the decision. Students must use both wired and wireless technologies.
    • Student should be specific when discussing the models, types, and costs.
  5. Consider that faculty, students, and guests can bring their own devices (BYOD) and use their computer in each of the buildings.
    • Student should be specific when discussing the models, types, and costs.
  6. Select the appropriate computer systems hardware to use to support the faculty, students, and overall network design; and justify the decision(s).
    • Student should be specific when discussing the models, types, and costs.

Students will find the majority of the information by working through the TestOut LabSim labs. Students should seek additional information to include in each submission as described in the overview by searching scholarly journals and other credible sources as appropriate. Reputable technical websites can be considered a credible source, but make sure to include at least two scholarly sources for each part of the Network Design Proposal.

Rubric Name: Network Design Proposal Part 1

Criteria Excellent Good Acceptable (Recommended Proficiency) Needs Improvement Needs Significant Improvement Missing or Unacceptable
Assessed the appropriate network topology to support the technical requirements of the network design Provided an excellent description of the technical requirements, proposal, and justification for the network topology. Provided an outstanding description of the technical requirements, proposal, and justification for the network topology. Provided a description of the technical requirements, proposal, and justification for the network topology. Provided a description of the technical requirements and proposal for the network topology, but lacked an appropriate justification. Identified technical requirements for the network topology, but the proposal and justification lacked detail and/or was not well supported. The technical requirements, proposal, and justification for the network topology of the paper were off topic or failed to provide required level of detail.
Identified the appropriate cables and connectors to implement the network design Provided an excellent description of the technical requirements, proposal, and justification for the cables and connectors. Provided an outstanding description of the technical requirements, proposal, and justification for the cables and connectors. Provided a description of the technical requirements, proposal, and justification for the cables and connectors. Provided a description of the technical requirements and proposal for the cables and connectors, but lacked an appropriate justification. Identified a technical requirement for the cables and connectors, but the proposal and justification lacked detail and/or was not well supported. The technical requirements, proposal, and justification for the cables and connectors of the paper were off topic or failed to provide required level of detail.
Assessed the proper networking and internetworking hardware to support the network design Provided an excellent description of the technical requirements, proposal, and justification for the networking and internetworking hardware. Provided an outstanding description of the technical requirements, proposal, and justification for the networking and internetworking hardware. Provided a description of the technical requirements, proposal, and justification for the networking and internetworking hardware. Provided a description of the technical requirements and proposal for the networking and internetworking hardware, but lacked an appropriate justification. Identified a technical requirement for the networking and internetworking hardware, but the proposal and justification lacked detail and/or was not well supported. The technical requirements, proposal, and justification for the networking and internetworking hardware of the paper were off topic or failed to provide required level of detail.
Assessed the appropriate Wide Area Network (WAN) design Provided an excellent description of the technical requirements, proposal, and justification for the Wide Area Network (WAN). Provided an outstanding description of the technical requirements, proposal, and justification for the Wide Area Network (WAN). Provided a description of the technical requirements, proposal, and justification for the Wide Area Network (WAN). Provided a description of the technical requirements and proposal for the Wide Area Network (WAN), but lacked an appropriate justification. Identified a technical requirement, but the proposal and justification for the Wide Area Network (WAN) lacked detail and/or was not well supported. The technical requirements, proposal, and justification for the Wide Area Network (WAN) of the paper were off topic or failed to provide required level of detail.
Assessed the proper computer systems and hardware to support the network design Provided an excellent description of the technical requirements, proposal, and justification for the computer systems and hardware. Provided an outstanding description of the technical requirements, proposal, and justification for the computer systems and hardware. Provided a description of the technical requirements, proposal, and justification for the computer systems and hardware. Provided a description of the technical requirements and proposal for the computer systems and hardware, but lacked an appropriate justification. Identified a technical requirement for the computer systems and hardware, but the proposal and justification lacked detail and/or was not well supported. The technical requirements, proposal, and justification for the computer systems and hardware of the paper were off topic or failed to provide required level of detail.
Use of Authoritative Sources / Resources Work contains a reference list containing entries for all cited resources. Reference list entries and in-text citations are correctly formatted using the appropriate IEEE style for each type of resource. The description appropriately used information from 5 or more authoritative sources, i.e. journal articles, industry or trade publications, news articles, industry or government white papers and authoritative Web sites. Work contains a reference list containing entries for all cited resources. One or two minor errors in IEEE format for in-text citations and/or reference list entries. The description appropriately used information from 4 or more authoritative sources, i.e. journal articles, industry or trade publications, news articles, industry or government white papers and authoritative Web sites. Work contains a reference list containing entries for all cited resources. No more than 5 minor errors in IEEE format for in-text citations and/or reference list entries. The description appropriately used information from 3 or more authoritative sources, i.e. journal articles, industry or trade publications, news articles, industry or government white papers and authoritative Web sites. Work contains a reference list containing entries for cited resources. Work contains no more than 5 minor errors in IEEE format for in-text citations and/or reference list entries. The description appropriately used information from 2 or more authoritative sources, i.e. journal articles, industry or trade publications, news articles, industry or government white papers and authoritative Web sites. Work attempts to credit sources but demonstrates a fundamental failure to understand and apply the IEEE formatting standard. The description appropriately used information from 1 or more authoritative sources, i.e. journal articles, industry or trade publications, news articles, industry or government white papers and authoritative Web sites. Reference list is missing. Work demonstrates an overall failure to incorporate and/or credit authoritative sources for information used in the paper.
Satisfy standards of writing style and grammatical correctness No formatting, grammar, spelling, or punctuation errors. Work contains minor errors in formatting, grammar, spelling or punctuation which do not significantly impact professional appearance. Errors in formatting, spelling, grammar, or punctuation which detract from professional appearance of the submitted work. Submitted work has numerous errors in formatting, spelling, grammar, or punctuation. Work is unprofessional in appearance. Submitted work is difficult to read / understand and has significant errors in formatting, spelling, grammar, punctuation, or word usage. No work submitted for this assignment.
Overall Score Excellent Good Acceptable (Minimally Proficient) Needs Improvement Needs Significant Improvement Missing or Unacceptable

Network Addressing and Security (i.e., Part 2)

In this section, address each of the following.

IP Addressing:

  1. Watch How to Subnet a Network Video provided in Content -> Project Instructions
    • Review the Network Address Template provided in Content -> Project Instructions -> Project Templates for Parts 1 – 3
    • Complete the subnet chart provided at the end of the document.

Security

  1. Select each of the firewall types to implement, describe network or host-based placement, and configuration details; and justify each of the decisions.
    • Students should be specific when discussing the models, types, and costs.
  2. Select an IDS, IPS, or both for the network and justify your decision.
    • Students should be specific when discussing the models, types, and costs.
  3. Define a DMZ implementation and justify the decision.
  4. Select physical security measures for each of the new academic buildings and justify the decision.
    • Students should be specific when discussing the models, types, and costs.
  5. Select additional network security measures to be implemented and justify the decision. They should include:
    • How you will protect against social engineering attacks, and justify your decision.
    • How you will protect against faculty or students willingly or unwillingly introducing malware onto the network, and justify your decision.
    • What secure protocols you will require faculty and students to use while accessing resources internal or external to the network, and justify your decision.
  6. Make explicit that UMUC will not be liable for any problems arising from personal use of devices in the two buildings.

Rubric Name: Network Design Proposal Part 2

Criteria Excellent Good Acceptable (Recommended Proficiency) Needs Improvement Needs Significant Improvement Missing or Unacceptable
Assessed the proper requirement for subnetting Demonstrate comprehension and the ability to complete the subnetting chart with no errors. Demonstrate comprehension and the ability to complete the subnetting chart with one error. Demonstrate comprehension and the ability to complete the subnetting chart with two errors. Demonstrate comprehension and the ability to complete the subnetting chart with three errors. Demonstrate comprehension and the ability to complete the subnetting chart with four errors. Demonstrate comprehension and the ability to complete the subnetting chart with five or more errors.
Assessed the appropriate firewall implementation to support the technical requirements Provided an excellent description of the technical requirements, proposal, and justification for the firewall implementation. Provided an outstanding description of the technical requirements, proposal, and justification for the firewall implementation. Provided a description of the technical requirements, proposal, and justification for the firewall implementation. Provided a description of the technical requirements and proposal for the firewall implementation. Provided a justification that was lacking in detail and/or was not well supported. Identified a technical requirement for firewall implementation, but the proposal and justification lacked detail and/or was not well supported. The technical requirements, proposal, and justification for the firewall implementation of the paper were off topic or failed to provide required level of detail.
Assessed the appropriate IDS/IPS to support the technical requirements Provided an excellent description of the technical requirements, proposal, and justification for the IDS/IPS implementation. Provided an outstanding description of the technical requirements, proposal, and justification for the IDS/IPS implementation. Provided a description of the technical requirements, proposal, and justification for the IDS/IPS implementation. Provided a description of the technical requirements and proposal for the IDS/IPS implementation. Provided a justification that was lacking in detail and/or was not well supported. Identified a technical requirement for the IDS/IPS implementation, but the proposal and justification lacked detail and/or was not well supported. The technical requirements, proposal, and justification for the IDS/IPS implementation of the paper were off topic or failed to provide required level of detail.
Assessed the appropriate DMZ implementation to support the technical requirements Provided an excellent description of the technical requirements, proposal, and justification for the DMZ implementation. Provided an outstanding description of the technical requirements, proposal, and justification for the DMZ implementation. Provided a description of the technical requirements, proposal, and justification for the DMZ implementation. Provided a description of the technical requirements and proposal for the DMZ implementation. Provided a justification that was lacking in detail and/or was not well supported. Identified a technical requirement for the DMZ implementation, but the proposal and justification lacked detail and/or was not well supported. The technical requirements, proposal, and justification for the DMZ implementation of the paper were off topic or failed to provide required level of detail.
Assessed the appropriate physical security necessary to support the technical requirements Provided an excellent description of the technical requirements, proposal, and justification for the physical security. Provided an outstanding description of the technical requirements, proposal, and justification for the physical security. Provided a description of the technical requirements, proposal, and justification for the physical security. Provided a description of the technical requirements and proposal for the physical security. Provided a justification that was lacking in detail and/or was not well supported. Identified a technical requirement for the physical security, but the proposal and justification lacked detail and/or was not well supported. The technical requirements, proposal, and justification for the physical security of the paper were off topic or failed to provide required level of detail.
Assessed the appropriate additional network security measures to support the technical requirements Provided an excellent description of the technical requirements, proposal, and justification for the additional security measures. Provided an outstanding description of the technical requirements, proposal, and justification for the additional security measures. Provided a description of the technical requirements, proposal, and justification for the additional security measures. Provided a description of the technical requirements and proposal for the additional security measures. Provided a justification that was lacking in detail and/or was not well supported. Identified a technical requirement and proposal for the additional security measures, but the justification lacked detail and/or was not well supported. The technical requirements, proposal, and justification for the additional security measures of the paper were off topic or failed to provide required level of detail.
Use of Authoritative Sources / Resources Work contains a reference list containing entries for all cited resources. Reference list entries and in-text citations are correctly formatted using the appropriate IEEE style for each type of resource. The description appropriately used information from 5 or more authoritative sources, i.e. journal articles, industry or trade publications, news articles, industry or government white papers and authoritative Web sites. Work contains a reference list containing entries for all cited resources. One or two minor errors in IEEE format for in-text citations and/or reference list entries. The description appropriately used information from 4 or more authoritative sources, i.e. journal articles, industry or trade publications, news articles, industry or government white papers and authoritative Web sites. Work contains a reference list containing entries for all cited resources. No more than 5 minor errors in IEEE format for in-text citations and/or reference list entries. The description appropriately used information from 3 or more authoritative sources, i.e. journal articles, industry or trade publications, news articles, industry or government white papers and authoritative Web sites. Work contains a reference list containing entries for cited resources. Work contains no more than 5 minor errors in IEEE format for in-text citations and/or reference list entries. The description appropriately used information from 2 or more authoritative sources, i.e. journal articles, industry or trade publications, news articles, industry or government white papers and authoritative Web sites. Work attempts to credit sources but demonstrates a fundamental failure to understand and apply the IEEE formatting standard. The description appropriately used information from 1 or more authoritative sources, i.e. journal articles, industry or trade publications, news articles, industry or government white papers and authoritative Web sites. Reference list is missing. Work demonstrates an overall failure to incorporate and/or credit authoritative sources for information used in the paper.
Satisfy standards of writing style and grammatical correctness No formatting, grammar, spelling, or punctuation errors. Work contains minor errors in formatting, grammar, spelling or punctuation which do not significantly impact professional appearance. Errors in formatting, spelling, grammar, or punctuation which detract from professional appearance of the submitted work. Submitted work has numerous errors in formatting, spelling, grammar, or punctuation. Work is unprofessional in appearance. Submitted work is difficult to read / understand and has significant errors in formatting, spelling, grammar, punctuation, or word usage. No work submitted for this assignment.
Overall Score Excellent Good Acceptable (Minimally Proficient) Needs Improvement Needs Significant Improvement Missing or Unacceptable

Network Customization and Optimization (i.e., Part 3)

In this section, address each of the following.

  1. Identify network services needed.
  2. List additional servers or network devices needed to implement the network.
  3. List network security measures to be implemented.
  4. Justify the need for the network services, security measures, and devices you’ve selected.
  5. Identify network storage and cloud-based services that will be available for faculty and students.
    • Students should be specific when discussing the configuration and implementation.
  6. Identify the proper data protection and backup method and implementation, and justify your decision.
    • Students should consider the needs of the administration, faculty, and students.
  7. Identify a network monitoring solution and describe how this will enable the optimization of the network, and justify your decision.
    • Students should be specific when describing protocol analyzers, network monitoring tools, and packet sniffers.
  8. Identify how logs will be stored and managed and how long the university will keep them, and justify your answer.
    • Students should consider this in the context of the network or cloud-based storage selected.
  9. Describe the troubleshooting methodology Information Technology (IT) personnel will use when troubleshooting issues across the proposed network implementation.

Rubric Name: Network Design Proposal Part 3

Criteria Excellent Good Acceptable (Recommended Proficiency) Needs Improvement Needs Significant Improvement Missing or Unacceptable
Assessed the appropriate network and cloud based storage to support the network design Provided an excellent description of the technical requirements, proposal, and justification for the network and cloud-based storage. Provided an outstanding description of the technical requirements, proposal, and justification for the network and cloud-based storage. Provided a description of the technical requirements, proposal, and justification for the network and cloud-based storage. Provided a description of the technical requirements and proposal for the network and cloud-based storage. Provided a justification that was lacking in detail and/or was not well supported. Identified a technical requirement for the network and cloud-based storage, but the proposal and justification lacked detail and/or was not well supported. The technical requirements, proposal, and justification for the network and cloud-based storage of the paper were off topic or failed to provide required level of detail.
Assessed the appropriate data protection and backup solution to support the network design Provided an excellent description of the technical requirements, proposal, and justification for the data protection and backup solution. Provided an outstanding description of the technical requirements, proposal, and justification for the data protection and backup solution. Provided a description of the technical requirements, proposal, and justification for the data protection and backup solution. Provided a description of the technical requirements and proposal for the data protection and backup solution. Provided a justification that was lacking in detail. Identified a technical requirement for the data protection and backup solution, but the proposal and justification lacked detail and/or was not well supported. The technical requirements, proposal, and justification for the data protection and backup solution of the paper were off topic or failed to provide required level of detail.
Identified the appropriate network monitoring requirement and solutions for the network design Provided an excellent description of the technical requirements, proposal, and justification for the network monitoring systems solutions. Provided an outstanding description of the technical requirements, proposal, and justification for the network monitoring systems solutions. Provided a description of the technical requirements, proposal, and justification for the network monitoring systems solutions. Provided a description of the technical requirements and proposal for the network monitoring systems solutions. Provided a justification that was lacking in detail and/or was not well supported. Identified a technical requirement, but the proposal and justification for the network monitoring system lacked detail and/or was not well supported. The technical requirements, proposal, and justification for the network monitoring systems solutions of the paper were off topic or failed to provide required level of detail.
Assessed the proper log storage and management solution to support the network design Provided an excellent description of the technical requirements, proposal, and justification for the log storage and management. Provided an outstanding description of the technical requirements, proposal, and justification for the log storage and management. Provided a description of the technical requirements, proposal, and justification for the log storage and management. Provided a description of the technical requirements and proposal for the log storage and management. Provided a justification that was lacking in detail and/or was not well supported. Identified a technical requirement for the log storage and management, but the proposal and justification lacked detail and/or was not well supported. The technical requirements, proposal, and justification for the log storage and management of the paper were off topic or failed to provide required level of detail.
Assessed the appropriate Troubleshooting Method Provided an excellent description of the technical requirements, proposal, and justification for the troubleshooting methodology. Provided an outstanding description of the technical requirements, proposal, and justification for troubleshooting methodology. Provided a description of the technical requirements, proposal, and justification for the troubleshooting methodology. Provided a description of the technical requirements and proposal for the troubleshooting methodology. Provided a justification that was lacking in detail and/or was not well supported. Identified a technical requirement and proposal for the troubleshooting methodology, but the justification lacked detail and/or was not well supported. The technical requirements, proposal, and justification for the troubleshooting methodology of the paper were off topic or failed to provide required level of detail.
Use of Authoritative Sources / Resources Work contains a reference list containing entries for all cited resources. Reference list entries and in-text citations are correctly formatted using the appropriate IEEE style for each type of resource. Five or more authoritative sources were used. Work contains a reference list containing entries for all cited resources. One or two minor errors in IEEE format for in-text citations and/or reference list entries. Four or more authoritative sources were used. Work contains a reference list containing entries for all cited resources. No more than 5 minor errors in IEEE format for in-text citations and/or reference list entries. Three or more authoritative sources were used. Work has no more than three paragraphs with omissions of citations crediting sources for facts and information. Work contains a reference list containing entries for cited resources. Work contains no more than 5 minor errors in IEEE format for in-text citations and/or reference list entries. Work attempts to credit sources but demonstrates a fundamental failure to understand and apply the IEEE formatting standard. Reference list is missing. Work demonstrates an overall failure to incorporate and/or credit authoritative sources for information used in the paper.
Satisfy standards of writing style and grammatical correctness No formatting, grammar, spelling, or punctuation errors. Work contains minor errors in formatting, grammar, spelling or punctuation which do not significantly impact professional appearance. Errors in formatting, spelling, grammar, or punctuation which detract from professional appearance of the submitted work. Submitted work has numerous errors in formatting, spelling, grammar, or punctuation. Work is unprofessional in appearance. Submitted work is difficult to read / understand and has significant errors in formatting, spelling, grammar, punctuation, or word usage. No work submitted for this assignment.
Overall Score Excellent Good Acceptable (Minimally Proficient) Needs Improvement Needs Significant Improvement Missing or Unacceptable

Building Details

Please consider the following building layout:

UMUC has not decided how they will use all of the physical space within the newly leased building. However, they have decided to use some of the space. The overall plan is to use the building as provided in the below diagram. However, initially, the building will house five classrooms, one student computer lab, library, and an office.

In the below building diagrams, we will use Office 5 (Admissions) on the first floor. The classrooms are labeled Classroom #1, Classroom #2, and Classroom #4 on the first floor and Classroom #1 and Classroom #5 on the second floor; each computer lab will have a closet. Each lab will have 25 devices: 23 student computers, one instructor computer, and one server in the closet for instructional use. Students should consider high traffic areas for Wi-Fi, such as the sitting areas and not the classrooms. The Wi-Fi network should be segregated from the wired network, and implemented on a separate Class C network. What will the network address, range, and broadcast address for this separate Class C wireless address be?

In addition, there will be a student computer lab that will provide computer access to students to do their homework. There will be 24 computers in this lab and a server in the closet. To allow students access to library resources, the library will also have 10 computers for the general public to use and five computers for library staff.

Finally, there are offices in the building. Each of these offices will have one computer for staff use, with the exception of the admissions office, which will have five computers. There will be two server rooms, one on the first floor and one on the second floor. 
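
The addressing question in the building details can be worked through with Python's standard `ipaddress` module. This is an added example, not part of the assignment or its solution: the host counts come from the text above, while the two address blocks (192.168.10.0/24 for wired, 192.168.20.0/24 for Wi-Fi), the one-gateway-per-subnet reserve, and the function names are assumptions made for illustration.

```python
import ipaddress

# Host counts taken from the Building Details text above.
REQUIREMENTS = [
    ("Floor 1 Classroom #1", 25),   # 23 student + 1 instructor + 1 server
    ("Floor 1 Classroom #2", 25),
    ("Floor 1 Classroom #4", 25),
    ("Floor 2 Classroom #1", 25),
    ("Floor 2 Classroom #5", 25),
    ("Student computer lab", 25),   # 24 computers + 1 server
    ("Library", 15),                # 10 public + 5 staff
    ("Admissions office", 5),
]

# Assumed blocks, constructed for this example (not given in the assignment).
WIRED_BLOCK = ipaddress.ip_network("192.168.10.0/24")
WIFI_BLOCK = ipaddress.ip_network("192.168.20.0/24")   # separate Class C for Wi-Fi


def smallest_prefix(hosts, gateways=1):
    """Longest prefix whose usable range holds `hosts` devices plus gateway(s)."""
    needed = hosts + gateways + 2              # + network and broadcast addresses
    bits = max((needed - 1).bit_length(), 2)   # never smaller than a /30
    return 32 - bits


def describe(net):
    """Network address, usable host range and broadcast address of a subnet."""
    return {
        "network": str(net.network_address),
        "first_host": str(net[1]),
        "last_host": str(net[-2]),
        "broadcast": str(net.broadcast_address),
        "mask": str(net.netmask),
        "usable": net.num_addresses - 2,
    }


def plan(block, requirements):
    """Variable-length subnet plan: carve `block` largest subnet first."""
    ordered = sorted(requirements, key=lambda r: smallest_prefix(r[1]))
    cursor = int(block.network_address)
    allocations = {}
    for name, hosts in ordered:
        net = ipaddress.ip_network((cursor, smallest_prefix(hosts)))
        if not net.subnet_of(block):
            raise ValueError(f"{block} is too small: no room left for {name}")
        allocations[name] = net
        cursor += net.num_addresses
    return allocations


def segregated(a, b):
    """True when two blocks share no addresses (wired vs. Wi-Fi separation)."""
    return not a.overlaps(b)


if __name__ == "__main__":
    for name, net in plan(WIRED_BLOCK, REQUIREMENTS).items():
        d = describe(net)
        print(f"{name:22} {str(net):18} {d['first_host']} - {d['last_host']}"
              f"  bcast {d['broadcast']}")
    w = describe(WIFI_BLOCK)
    print(f"{'Wi-Fi':22} {str(WIFI_BLOCK):18} {w['first_host']} - {w['last_host']}"
          f"  bcast {w['broadcast']}")
    print("Wi-Fi separate from wired:", segregated(WIRED_BLOCK, WIFI_BLOCK))
```

Keeping the Wi-Fi range in its own block lets firewall and ACL rules treat BYOD traffic as a distinct source network from lab and office hosts.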

Solution

Network Design Proposal

I. Network Design

  1. Network Topology

Technical Requirements

Network design is the process used to build and implement a network, from a technical standpoint, so that it meets the organization's requirements for connecting wired and wireless devices. Today a wide variety of computers and smart devices are part of the workforce and require network connectivity, such as PDAs, Notes, laptops, personal computers, cell phones, and servers. The majority of these devices use network services while on the move, so wired connectivity alone will not satisfy their needs; this is where the wireless local area network (WLAN) comes in, serving mobile and handheld devices. Other devices require stable, high-bandwidth, secure connectivity, and this is where the wired Local Area Network (LAN) comes in.

The report gives a specialized plan to a secured organize stage; it starts with a short exchange about the proposed outline that incorporates cabling and network, Logical Topology, and gadget determination and situation. At that point the IP tending to and sub-netting which gives a specialized plan of the IP tending to influence the best utilization of the accessible IP to address assets and dispense them to gadgets, wide zone organizing outline, and PC frameworks.

Proposed Topology

Network design is not a simple task for system administrators. Some rely on their expertise to produce the design, while others use standards and metrics. It is no exaggeration to say that in the majority of cases expertise alone does not give a full view of the design and leaves gaps, and for that reason it is highly recommended to use metrics and design methods to make the network scalable, serviceable, available, and secure.

The scalability factor is to design the network to meet present, near-term, and future requirements by providing additional design factors or parameters, so that the design is more scalable and adaptable to needs.

Serviceability is the factor intended to equip the network with robust services, providing all the system services that serve the present, near-term, and future applications that will be requested.

Availability is the process of keeping the network available for use at all times, in terms of direct connectivity, capacity, internet availability, and service availability as well. This is done by accommodating all user requirements, making the network robust and secure, and increasing access and link speed as network users demand.

The security factor plays the joker role by protecting the network as well as strengthening it, by making it a self-defending network and giving it fewer points of entry.

This section is considered the core section of the report, as it provides the required technical design to be proposed. It consists of the following subsections:

  1. cabling and connectivity
  2. logical topology
  3. device selection and placement

1-cabling and connectivity

Network core devices are connected using wired connections, while wireless connections are used in open areas and pathways to provide connectivity inside the building.

Based on the specs supplied, the server room or main distribution facility (MDF) houses the rack unit that holds the network devices, a fire alarm system to provide fire protection for the MDF, and a UPS to keep the service always available to its users.

The design shown below is per site:

There are 16 Cat6 patch panels, 750 Cat6 patch cords, and 16 C3850 48-port switches for access ports. Wireless coverage is provided by 3 access points per floor, which maintains one access point per 50 meters. The database server has a backup unit. The web server, at the main site only, has 2 backups; the three run as 2 active web servers and one standby, and the core switch maintains service-level load balancing across the 3 web servers. Users are authenticated to some services and pages using the LDAP authentication protocol. Additional security is provided by the ASA firewall, which maintains HTTPS connections to the web server, applies security policy to web traffic, and provides remote-access VPN to network administrators and employee users. The network topology maintains redundancy by providing a redundant unit for the internet router, ASA firewall, and core switch.

Network Topology

Network devices specs:

The network devices are the assets and hardware of the network. This section gives detailed information on each component of the network topology described in the section above, along with a comparative study of the vendor-recommended solutions for each network device.

1-router

The router connects the network platform to the internet and acts as a gateway for the servers and as the point of presence for the network applications and services on the internet. We have therefore chosen the router model based on the application traffic load from the internet, while also considering availability and reliability metrics. The following router models are recommended per vendor:

a-Cisco 4451-X – router – desktop, rack-mountable, with part number ISR4451-X/K9

The router ships with 8 GB of flash memory, scalable up to 32 GB, and 4 GB of RAM, extendable up to 16 GB, which makes it highly capable of accommodating additional services and application traffic as needed.

b-Juniper SRX-650

Juniper Networks SRX650 Services Gateway – security appliance – SRX650BASESRE6645AP

The router ships with 2 GB of flash memory and 2 GB of RAM. It supports IPS, antivirus, and firewall, which makes it a router and firewall in one device, at a rough cost of $10,877.

c-Huawei AR-3260

The router ships with 4 GB of flash memory and 4 GB of RAM. It supports IPS, antivirus, and firewall, which makes it a router and firewall in one device. It also supports the majority of internet and WAN connections, such as ISDN, frame relay, xDSL, LTE, and fiber optics, at a rough cost of $2,214.

d-HPE Flex Network MSR4080

The router ships with 0.5 GB of flash memory and 2 GB of RAM. It supports IPS, antivirus, and firewall, which makes it a router, voice gateway, and firewall in one device. It also supports the majority of internet and WAN connections, such as ISDN, frame relay, xDSL, LTE, and fiber optics, at a rough cost of $2,434.00.

From the routers listed above, we have selected the Cisco 4451 due to its high capability and reliability.

2-Firewall

a-The Cisco ASA 5555-x firewall appliance supports data transfer rates up to 1750 Mbps and provides firewall protection for the LAN, high availability, VPN and VLAN support, and additional security packages to secure the entire LAN from WAN attacks.

b-Fortinet FortiGate 200D Security Appliance

FG-200D-BDL-950-12 network security firewall appliance that provides antivirus analysis, application filtering, ASIC VPN, firewall protection, high availability, Intrusion Prevention System (IPS), manageability, URL filtering, VPN support, and web threat protection. Price: $3,824

c-Palo Alto PA-3050 Security Appliance – PAN-PA-3050

Anti-malware protection, anti-spyware protection, antivirus analysis, bandwidth control, content filtering, DDoS attack prevention, DHCP client, DHCP relay, DHCP server, DoS attack prevention, firewall protection, IPv6 support, jumbo frames support, NAT support, port forwarding, Quality of Service (QoS), syslog support, traffic shaping, VLAN support. Price: $24,000

d-SonicWall – SonicWall NSA 3600 TotalSecure

Anti-malware protection, anti-spam protection, antivirus analysis, bandwidth control, DDoS attack prevention, Deep Packet Inspection (DPI), DHCP server, DoS attack prevention, Intrusion Prevention System (IPS), IPFIX, Link Aggregation Control Protocol (LACP), load balancing, NAT support, NetFlow, Quality of Service (QoS), Stateful Switchover (SSO), URL filtering, VPN support. Price: $4730

e-Juniper SRX-1500 service gateway security appliance

Anti-spam protection, anti-virus protection, DDoS attack prevention, Dead Peer Detection (DPD), DHCP client, DHCP relay, DHCP server, DiffServ Code Point (DSCP) support, firewall protection, front-to-back airflow, Generic Routing Encapsulation (GRE), inspection of SSL-encrypted traffic, Intrusion Prevention System (IPS), IPSec NAT-Traversal (NAT-T), IPv4 support, IPv6 support, J-Flow, LLDP support, NAT support, PAT support, Quality of Service (QoS), Rapid Spanning Tree Protocol (RSTP) support, Spanning Tree Protocol (STP) support, URL filtering, VPN support, Weighted Random Early Detection (WRED). Price: $7478

The firewall selected is the Cisco ASA 5555-x firewall with part number ASA5555-FPWR-K9.

3-Core Switches:

a-Cisco Catalyst 6513-e switch

Provides high availability, high port density, and a high forwarding rate. Moreover, the switch supports a high-availability protocol for servers, the server load balancing (SLB) protocol.

b-HP 10500 – HP 10512 switch

18-slot horizontal chassis, 18U, with 2 MPU slots, 4 SFM slots, 12 LPU slots. The HP 10500 Switch Series is a next-generation modular enterprise campus core switch designed to enable the evolving needs of a cloud-connected and rich-media-capable infrastructure. It sets a benchmark for performance, reliability, and scalability with next-generation Clos architecture with 3-microsecond latency, and delivering ultra-high 1/10/40/100GbE port density. Price: $12,143

c-Extreme S1 switch

Extreme Networks SSA S150 Class, 48 ports 1000BASE-X via SFP and 4 10GBASE-X Ethernet ports via SFP+. Price: $19,545

d-Juniper

Juniper EX Series EX8200 – switch

The EX4600 line of Ethernet switches delivers data center class scale, high availability, and high performance to campus distribution deployments. The EX8200 gives the flexibility to also be implemented in data center top-of-rack and service provider aggregation deployments. Price: $81,767

The selected switch is the Cisco 6513.

4-Access switches:

a-Cisco C3850

Cisco Catalyst 3850-48P-E – switch – 48 ports – managed – rack-mountable

The Cisco Catalyst 3850 series is a line of enterprise-class stackable access layer switches that provide full convergence between wired and wireless on a single platform. Cisco’s Unified Access Data Plane (UADP) application-specific integrated circuit (ASIC) powers the switch and enables uniform wired-wireless policy enforcement, application visibility, flexibility, and application optimization. The Cisco Catalyst 3850 series switches support full IEEE 802.3at Power over Ethernet Plus (PoE+), modular and field-replaceable network modules, and redundant fans and power supplies. Price: $12,945

b-HP 3600 switch, price $2,289

The HP 3600 SI-24 series delivers resilient performance with support for advanced management and security features.

c-Dell N2000, price $1709

The Dell N2000 series offers DBE layer 2 switches with support for multi-chassis link aggregation.

d-Extreme A series, price $700

The Extreme A4H124-24 stackable switch is a policy-enabled layer 2 Ethernet switch that provides full-featured network switching at much lower cost.

The selected switch is the Cisco C3850.

5-Hardware Servers:

a-Web server: the web server role is filled by three servers that provide the same functionality with high availability; 2 are active and the third is on standby.

Enterprise Dell POWEREDGE R620 Server 2 X Eight-Core Processors 64gb RAM Idrac7

Lenovo System x3550 M5 – Xeon E5-2620V4 2.1 GHz – 16 GB, Price $2,453

HPE ProLiant DL380 Gen9 – Xeon E5-2620V4 2.1 GHz – 16 GB, Price $2,149

b-Database server: the database server will host all data, in addition to the financial data.

IBM ESS Model 800

Dell PowerEdge R630 – Xeon E5-2660V4 2 GHz – 32 GB – 1.2 TB, price $5,410

Lenovo System x3650 M5 – Xeon E5-2637V4 3.5 GHz – 16 GB, price $3,29

c-LDAP authentication server: the authentication server will provide LDAP authentication to the client so that he or she can review the bill and pay it if required.

HPE ProLiant BL460C

Lenovo ThinkServer RS160 – Xeon E3-1230V5 3.4 GHz – 8 GB, Price $830

Dell PowerEdge R230, price $914

II. Network Addressing and Security 

  1. Subnetting

The network 192.168.2.0 is subnetted using a variable-length subnet mask to provide better management of network addressing and to secure the network with an appropriate subnet mask, while providing scalability for the future needs of the network.

Technical Requirements

| Subnet Description | Required Hosts |
|---|---|
| Classroom 1 (First Floor) | 25 Computers |
| Classroom 2 (First Floor) | 25 Computers |
| Classroom 4 (First Floor) | 25 Computers |
| Classroom 1 (Second Floor) | 25 Computers |
| Classroom 5 (Second Floor) | 25 Computers |
| Office 5 – Admissions (Second Floor) | 25 Computers |
| Student Computer Lab | 25 Computers |
| Library | 15 Computers |

Proposed Subnet

Subnet Mask: 255.255.255.224

| Subnet | Network Address | Host Address Range | Broadcast Address |
|---|---|---|---|
| Classroom 1 (First Floor) | 192.168.2.0 | 192.168.2.1 – 192.168.2.30 | 192.168.2.31 |
| Classroom 2 (First Floor) | 192.168.2.32 | 192.168.2.33 – 192.168.2.62 | 192.168.2.63 |
| Classroom 4 (First Floor) | 192.168.2.64 | 192.168.2.65 – 192.168.2.94 | 192.168.2.95 |
| Classroom 1 (Second Floor) | 192.168.2.96 | 192.168.2.97 – 192.168.2.126 | 192.168.2.127 |
| Classroom 5 (Second Floor) | 192.168.2.128 | 192.168.2.129 – 192.168.2.158 | 192.168.2.159 |
| Office 5 – Admissions (Second Floor) | 192.168.2.160 | 192.168.2.161 – 192.168.2.190 | 192.168.2.191 |
| Student Computer Lab | 192.168.2.192 | 192.168.2.193 – 192.168.2.222 | 192.168.2.223 |
| Library | 192.168.2.224 | 192.168.2.225 – 192.168.2.254 | 192.168.2.255 |
| Wi-Fi Network | 192.168.1.0 | 192.168.1.1 – 192.168.1.254 | 192.168.1.255 |
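The addressing plan above can be derived and checked mechanically. The following Python sketch is an added example, not part of the original proposal: it splits 192.168.2.0/24 into /27 subnets, checks each against the required host counts, and confirms the Wi-Fi network does not overlap the wired one. The function names and the one-address-per-subnet gateway reservation are assumptions of this example.

```python
import ipaddress

# Host counts copied from the "Technical Requirements" table above.
REQUIREMENTS = [
    ("Classroom 1 (First Floor)", 25),
    ("Classroom 2 (First Floor)", 25),
    ("Classroom 4 (First Floor)", 25),
    ("Classroom 1 (Second Floor)", 25),
    ("Classroom 5 (Second Floor)", 25),
    ("Office 5 - Admissions (Second Floor)", 25),
    ("Student Computer Lab", 25),
    ("Library", 15),
]


def plan_subnets(parent, prefixlen, requirements, reserved=1):
    """Hand out equal-size subnets of `parent` in order, checking capacity.

    `reserved` is an assumption of this example: one address per subnet
    is set aside for the default gateway.
    """
    subnets = list(ipaddress.ip_network(parent).subnets(new_prefix=prefixlen))
    if len(requirements) > len(subnets):
        raise ValueError(f"{parent} yields only {len(subnets)} /{prefixlen} subnets")
    plan = []
    for (name, hosts), net in zip(requirements, subnets):
        usable = net.num_addresses - 2  # network and broadcast are not assignable
        if hosts + reserved > usable:
            raise ValueError(
                f"{name}: needs {hosts + reserved}, /{prefixlen} holds {usable}")
        plan.append({
            "name": name,
            "network": str(net.network_address),
            "first": str(net.network_address + 1),
            "last": str(net.broadcast_address - 1),
            "broadcast": str(net.broadcast_address),
            "mask": str(net.netmask),
            "spare": usable - hosts - reserved,
        })
    return plan


def spare_subnets(parent, prefixlen, requirements):
    """Number of unused subnets left in `parent` for future growth."""
    total = 2 ** (prefixlen - ipaddress.ip_network(parent).prefixlen)
    return total - len(requirements)


def separate(a, b):
    """True when two networks share no addresses (wired vs. Wi-Fi)."""
    return not ipaddress.ip_network(a).overlaps(ipaddress.ip_network(b))


if __name__ == "__main__":
    for row in plan_subnets("192.168.2.0/24", 27, REQUIREMENTS):
        print(f'{row["name"]:<38} {row["network"]:<14} {row["first"]} - '
              f'{row["last"]}  bcast {row["broadcast"]}  spare {row["spare"]}')
    print("unused /27 subnets:", spare_subnets("192.168.2.0/24", 27, REQUIREMENTS))
    print("Wi-Fi separate:", separate("192.168.1.0/24", "192.168.2.0/24"))
```

With the page's numbers, the eight /27 subnets consume the whole 192.168.2.0/24 block, and each 25-host subnet keeps four free addresses after the gateway reservation.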

The deployment of devices

The following table lists the device addressing and naming conventions to be used for reference in the technical document and on device enclosures.

| Place | Device | Model Number | Device name |
|---|---|---|---|
| MDF | Cisco C4451 | ISR4451-X/K9 | MDFR01 |
| | Cisco C4451 | ISR4451-X/K9 | MDFR02 |
| | Cisco ASA 5555 FW | ASA5555-FPWR-K9 | MDFASA01 |
| | Cisco ASA 5555 FW | ASA5555-FPWR-K9 | MDFASA02 |
| Main Distribution Facility | Cisco Catalyst 6513-e Switch | WS-C6513-e | MDFSW01 |
| | Cisco Catalyst 6513-e | WS-C6513-e | MDFSW02 |
| | Cisco 3850 48 | WS-C3850-48U-E | MDFSW03 |
| | Web-server 1 | Dell POWEREDGE R620 | MDFweb1 |
| | Web-server 2 | Dell POWEREDGE R620 | MDFweb2 |
| | Web-server 3 | Dell POWEREDGE R620 | MDFweb3 |
| | Database server | IBM ESS Model 800 | MDFDatabase |
| | Authentication server | HPE ProLiant BL460C | MDFLDAP |

 Firewall Implementation

Technical Requirements

For the network requirements, it is recommended to use both host-based and network-based firewalls. The network-based firewall protects user traffic as it passes through the network, and the host-based firewall completes the solution by protecting host traffic from the source, through the network until it exits the network, and from the internet until it reaches the student PC.

The intrusion detection sensor (IDS) provides intrusion detection by analyzing network traffic and sending logging alerts for any detected attacks to a logging server. The intrusion prevention sensor (IPS) provides better protection by not just detecting an attack but also taking suitable action, while providing logging as well. For our security solution, it is recommended to use IPS.

A demilitarized zone (DMZ) protects the servers by isolating them from the internal and external networks, keeping them away from internal and external threats, and it is highly recommended to configure a DMZ for the server zone.

Proposed Network Security Hardware

The Cisco ASA 5555-x firewall appliance supports data transfer rates up to 1750 Mbps and provides firewall protection for the LAN, high availability, VPN and VLAN support, and additional security packages to secure the entire LAN from WAN attacks.

  1. Intrusion Detection System / Intrusion Protection System

Technical Requirements

The intrusion detection sensor (IDS) provides intrusion detection by analyzing network traffic and sending logging alerts for any detected attacks to a logging server. The intrusion prevention sensor (IPS) provides better protection by not just detecting an attack but also taking suitable action, while providing logging as well. For our security solution, it is recommended to use IPS.

Proposed Network Security Hardware

The Cisco ASA 5555-x firewall appliance with an integrated IPS sensor.

  1. DMZ Implementation

Technical Requirements

Use a DMZ to isolate the servers from internal and external attacks. The DMZ permits only known communication between the DMZ and the internal network, as well as between the DMZ and the external network and internet connection, limited to common and required communication purposes.

Proposed Network Security Hardware

The Cisco ASA 5555-x firewall appliance with an integrated IPS sensor

  1. Physical Security Measures

Physical security is very important for the building, and it is highly recommended to include secure doors with body scan, ID scan, and a security surveillance system.

The secure doors with body scan secure building entry by ensuring that each person who enters is safe and does not carry any weapon or explosive materials.

The ID scan ensures that each person who enters the building is safe and authorized to enter.

The surveillance system ensures that the building is protected and monitored internally and externally against any internal or external attacks or danger.

  1. Additional Network Security Measures

Technical Requirements

Provide the following security precautions in order to build secure and protected traffic:

1-on access switches, provide the following:

a-port security to secure physical access

b-Dynamic ARP Inspection to provide protection against ARP attacks

c-IP Source Guard to protect against IP address conflict

d-the use of spanning-tree PortFast to not allow STP, along with spanning-tree BPDU guard

e-the use of VLANs to protect network users

2-on the firewall, apply network policy and stateful firewalling to protect the web server and database server

3-on the edge router, configure DMVPN to secure traffic while it crosses the service provider cloud.

Justification

1-on a Cisco switch, verify whether port security is configured by issuing the command: show port-security

2-to verify that the core switch is the STP root bridge, issue the command: show spanning-tree

3-to verify the VLAN configuration, issue the command: show vlan

4-on the ASA firewall, use the command: show run to check the ACL rules and policy rules

5-check the VPN configuration on the router by using the following commands:

show run

show interface tunnel

show dmvpn
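The access-switch controls listed under Additional Network Security Measures can also be checked offline against a saved configuration instead of reading show output port by port. The following Python sketch is an added example, not part of the original proposal: it parses a constructed IOS-style running-config excerpt and reports which controls each access port is missing. It also checks DHCP snooping, which the list above does not name, because Dynamic ARP Inspection and IP Source Guard rely on the DHCP snooping binding table in DHCP environments. Interface names and VLAN numbers are constructed.

```python
# Constructed running-config excerpt (not from the page); Gi1/0/48 is a trunk.
SAMPLE_CONFIG = """\
ip dhcp snooping
ip dhcp snooping vlan 10
ip arp inspection vlan 10
interface GigabitEthernet1/0/1
 switchport access vlan 10
 switchport mode access
 switchport port-security
 ip verify source
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/2
 switchport access vlan 20
 switchport mode access
 switchport port-security
 spanning-tree portfast
!
interface GigabitEthernet1/0/48
 switchport mode trunk
"""

# Per-port controls: label -> exact interface lines that satisfy it.
PORT_CHECKS = {
    "port security": ("switchport port-security",),
    "IP Source Guard": ("ip verify source",),
    "PortFast": ("spanning-tree portfast", "spanning-tree portfast edge"),
    "BPDU guard": ("spanning-tree bpduguard enable",),
}


def parse_interfaces(config):
    """Map each interface name to the list of its indented config lines."""
    interfaces, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = interfaces.setdefault(line.split(None, 1)[1], [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" or a global command ends the interface block
    return interfaces


def vlan_set(config, prefix):
    """Expand global lines such as 'ip arp inspection vlan 10,20-22' to a set."""
    vlans = set()
    for line in config.splitlines():
        if line.startswith(prefix):
            for part in line[len(prefix):].split(","):
                low, _, high = part.strip().partition("-")
                vlans.update(range(int(low), int(high or low) + 1))
    return vlans


def audit(config):
    """Return {access port: [missing controls]} for ports that fall short."""
    dai = vlan_set(config, "ip arp inspection vlan ")
    snooping = vlan_set(config, "ip dhcp snooping vlan ")
    if "ip dhcp snooping" not in config.splitlines():
        snooping = set()  # per-VLAN lines do nothing without the global enable
    findings = {}
    for name, lines in parse_interfaces(config).items():
        if "switchport mode access" not in lines:
            continue  # trunks and routed ports are out of scope here
        missing = [label for label, accepted in PORT_CHECKS.items()
                   if not any(cmd in lines for cmd in accepted)]
        vlan = next((int(l.split()[-1]) for l in lines
                     if l.startswith("switchport access vlan ")), 1)
        if vlan not in dai:
            missing.append(f"Dynamic ARP Inspection (VLAN {vlan})")
        if vlan not in snooping:
            missing.append(f"DHCP snooping (VLAN {vlan})")
        if missing:
            findings[name] = missing
    return findings
```

Calling audit(SAMPLE_CONFIG) flags only GigabitEthernet1/0/2, which lacks IP Source Guard and BPDU guard and sits in a VLAN with neither Dynamic ARP Inspection nor DHCP snooping enabled.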

III. Network Customization and Optimization

  1. Network and Cloud Based Storage

Technical Requirements

A network platform that provides application services to mobile users requires both a software application and an infrastructure solution for the network. The solution considers a comparative study of open source and commercial software, along with considerations of security, troubleshooting, and scalability.

The network platform software may be open source or closed source, and there are some metrics for deciding whether to use closed source or open source software. They are:

1-Code bugs

Closed source software does not allow the distribution of its source code, so it is difficult to estimate the code quality. Open source software, however, is available for testing and can be fixed, so this metric favors open source.

2-Price

This factor also favors the open source solution, as it is totally free, whereas the closed source solution requires more payment.

3-Technical support and expertise

Providing technical support for the network requires well-trained engineers who resolve technical tickets and issues in no time. For a closed source software solution, that support is available through the providing company; for open source, it depends on user experience, forum-based queries, and trial and error. On this point, closed source wins the race.

4-Innovation and update

The innovation and update cycle depends mainly on user experience, ease of use, and hardware compatibility. Open source has an advantage over closed source in the number of users and their experience; however, closed source has a great advantage in the timely handling of update tickets submitted by users or raised by an issue in the software. Moreover, closed source vendors have engineers employed in R&D to study compatibility issues with the most up-to-date hardware.

  1. Data Protection and Backup

Technical Requirements

Data protection and backup are provided through network attached storage (NAS) and backup software, using the Acronis data backup solution to back up the data, with protection provided through Symantec security solutions.

Proposed Computer Systems Hardware

Seagate network attached storage is used as the data backup hardware.

  1. Network Monitoring

Technical Requirements

Network monitoring is performed using specialized software that has sensors to monitor network devices and user devices as well.

Proposed Network Monitoring Solutions

The proposed network monitoring software is Paessler PRTG.

  1. Log Storage and Management

Technical Requirements

Logging is very important to the network administrator for tracking network attacks and threats and for tracking issues and working on them.

Proposed Logging Solution

SolarWinds logging software is used to provide the required logging solution.

  1. Troubleshooting Methodology

Network troubleshooting will be used to detect the cause of a problem, identify the possible ways to solve it, and keep the network working at its best performance.

Proposed Computer Systems Hardware

A laptop or terminal with Windows 7 Professional and all supporting software, such as the SolarWinds Engineer's Toolset and the AirMagnet Wi-Fi analyzer, to measure Wi-Fi signal strength and perform Wi-Fi site surveys.
